As more IT organizations turned to VPNs for remote access, they found they had a problem. They still wanted to be able to limit what people working remotely could access through the VPN. They needed segmentation.
Historically with VPNs, organizations would give everybody access to the network at the same level. Someone coming in from the outside might get access to resources that they wouldn’t have permissions for if they were working in the office.
Subnets were designed to isolate end users coming into the network through the VPN, so organizations didn’t have to work out that access on every request. But what happens when all of a sudden everybody’s invited to the party, like now?
How do you keep the network from being overrun? How do you keep from giving the wrong permissions to the wrong people, especially when you’re ramping up forwarding rules on the fly? And what happens if a hacker can gain access with compromised credentials?
Now these users (or hackers) potentially have access to all your resources, because the VPN doesn’t offer any segmentation without complicating things with subnets. It just drops the users on your network, and from there it becomes a nightmare for your team to manage the segmentation of permissions securely and effectively. VPNs aren’t really designed to offer granular control.
However, TAC provides that granular control instantly. When you scale and change your workforce, or need to publish new applications, TAC allows you to do so securely in minutes. You don’t have to conduct an in-depth network architecture conversation every time you want to make changes, or add support staff to manage permissions, or risk lumping people into the wrong categories.
Organizations using TAC can quickly and efficiently create and modify security policies. For instance, you may need to add permissions for a new group of users to gain access to certain applications. With TAC, you just add that group to the security policy for that application and they have access, provided they meet the security requirements you’ve instituted for that application. They no longer need access to the network; they now get access to the resources they qualify for – and nothing more.